Virus Lob-- Can You Help Fix My Issues?


28 replies to this topic

#1 destinylynn79

Posted 22 October 2007 - 06:51 AM

I had an issue with my volume not being able to be in the taskbar. It said that sndvol32.exe did not exist. I fixed that, but the software for my wireless keyboard and mouse was working fine. My mouse software still is, but the keyboard's is not. It keeps coming up that Versato MFC Application (Versato.exe) has encountered an error and needs to close.
It is ticked to run at startup.

Below is the log from HijackThis after it scanned my computer. Please help. I would like my computer back in proper working order.

System Restore was off due to the instructions (virus scan, McAfee Stinger, etc.) posted by grinler. I have since turned it back on. I hope that this was not done prematurely.

Any instruction given will have to walk me through entirely, as I am not a computer whiz and do not want to mess things up worse. Anything that does not need to run at startup (not including the clock, Webshots, WeatherBug, Lexmark printer, and Q-Type Pro), let me know so it can be adjusted, or rather, you can tell me how to do this.


Thank you for all of your help in advance. (Also, the editing was for spelling errors I missed. I tend to like to have things spelled correctly, among other things.)

Thank you so much for the use of your valuable time and efforts.


Desiree




---------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:30 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Q-Type Pro\MulMouse.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Q-Type Pro\MagicWl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Enable Q-Point Driver.lnk = C:\Program Files\Q-Type Pro\MulMouse.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = C:\Program Files\Q-Type Pro\Versato.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1177958462109
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CS1\Services\Tcpip\..\{0257D8F9-28D0-44B1-9018-F61A7A18D10E}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: nnnkjgf - C:\WINDOWS\SYSTEM32\nnnkjgf.dll
O22 - SharedTaskScheduler: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 10752 bytes

Edited by destinylynn79, 22 October 2007 - 06:56 AM.



#2 destinylynn79

Posted 24 October 2007 - 03:36 PM

I have since fixed many of my issues, but I just don't know if I have any viruses. I would hope someone would let me know.
Smile, it makes you look better!?! :)


The only stupid question there is, is one that goes unasked.
Do you have any questions?

#3 Guest_Cretemonster_*

Posted 24 October 2007 - 04:23 PM

Hi destinylynn79 and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#4 destinylynn79

Posted 25 October 2007 - 08:43 AM

Okay, thank you, Cretemonster. It's a pleasure. Thank you for helping me. Below are both logs you asked me for. HijackThis is first and then the ComboFix.

Thanks again.

Desiree :thumbsup:
----------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:39 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Q-Type Pro\MulMouse.exe
C:\Program Files\Q-Type Pro\Versato.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Q-Type Pro\MagicWl.exe
C:\Program Files\Q-Type Pro\OSD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [New Application] C:\Program Files\Q-Type Pro\OSD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Enable Q-Point Driver.lnk = C:\Program Files\Q-Type Pro\MulMouse.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = C:\Program Files\Q-Type Pro\Versato.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1177958462109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CS1\Services\Tcpip\..\{0257D8F9-28D0-44B1-9018-F61A7A18D10E}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10296 bytes




-------------------------------------------------------------------------------------------------------------

ComboFix 07-10-23.1 - valued customer 2007-10-25 8:09:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1450 [GMT -5:00]
Running from: C:\Documents and Settings\valued customer\Local Settings\Temporary Internet Files\Content.IE5\UW2U2226\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ADMIN\Application Data\FunWebProducts
C:\Documents and Settings\All Users.WINDOWS\Application Data.\salesmonitor
C:\Program Files\Common Files\{3882A~1
C:\Program Files\Common Files\{A882A~1
C:\Program Files\Common Files\{A882A~2
C:\Program Files\Common Files\{A882A~3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 08:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 13:07 <DIR> d-------- C:\Program Files\3RVX
2007-10-24 12:20 <DIR> d-------- C:\Temp\META-INF
2007-10-24 09:30 <DIR> d-------- C:\dell
2007-10-24 09:23 <DIR> d-------- C:\Program Files\Sound Volume Hotkeys
2007-10-24 09:15 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
2007-10-24 08:10 <DIR> d-------- C:\Program Files\Glary Utilities
2007-10-24 08:05 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\VSRevoGroup
2007-10-24 08:04 <DIR> d-------- C:\Program Files\VS Revo Group
2007-10-23 18:38 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-23 18:16 <DIR> d-------- C:\Program Files\Absolute Uninstaller
2007-10-23 17:58 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-10-22 07:55 <DIR> d-------- C:\Program Files\DIKO
2007-10-22 07:46 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2007-10-22 07:46 <DIR> d-------- C:\Program Files\SourceTec
2007-10-22 07:36 <DIR> d-------- C:\Program Files\CinemaForge
2007-10-22 07:36 1,559,056 --a------ C:\WINDOWS\screengenie.scr
2007-10-22 07:15 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-22 07:11 <DIR> d-------- C:\Program Files\Kate's Video Converter
2007-10-22 07:11 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-10-22 07:11 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-10-22 07:11 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-10-22 07:11 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-10-22 07:11 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-10-22 07:11 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-10-22 07:11 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-10-22 07:11 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-10-21 12:53 <DIR> d-------- C:\logs
2007-10-21 12:53 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\InstallShield
2007-10-19 14:17 <DIR> d-------- C:\Documents and Settings\valued customer\Incomplete
2007-10-18 15:37 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\RegistrySmart
2007-10-16 18:53 <DIR> d-------- C:\Program Files\9Dragons
2007-10-15 07:25 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\FaxCtr
2007-10-14 11:04 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Motive
2007-10-13 22:40 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Lexmark Imaging Studio
2007-10-13 22:34 <DIR> d-------- C:\Program Files\Lx_cats
2007-10-13 22:33 331,776 --a------ C:\WINDOWS\system32\lxddcoin.dll
2007-10-13 22:33 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll
2007-10-13 22:32 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll
2007-10-13 22:32 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll
2007-10-13 22:32 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll
2007-10-13 22:31 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-10-13 22:31 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-10-13 22:31 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2007-10-13 22:31 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll
2007-10-13 22:31 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2007-10-13 22:31 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2007-10-13 22:27 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-10-13 22:26 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-10-13 22:26 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-10-13 22:25 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2007-10-13 22:25 323,584 --a------ C:\WINDOWS\system32\LXDDhcp.dll
2007-10-13 22:25 278,528 --a------ C:\WINDOWS\system32\LXDDinst.dll
2007-10-13 22:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-13 22:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-13 22:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-13 22:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-12 23:12 <DIR> d-------- C:\Program Files\Q-Type Pro
2007-10-11 08:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-11 08:11 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-11 08:10 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-11 08:10 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-11 08:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-11 08:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 06:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 15:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-10 00:08 4,255 --a--c--- C:\WINDOWS\system32\dllcache\adv01nt5.dll
2007-10-10 00:08 3,967 --a--c--- C:\WINDOWS\system32\dllcache\adv02nt5.dll
2007-10-10 00:08 3,615 --a--c--- C:\WINDOWS\system32\dllcache\adv05nt5.dll
2007-10-09 23:21 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-10-09 23:21 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys
2007-10-09 23:21 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
2007-10-09 23:21 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2007-10-09 23:21 61,440 --a--c--- C:\WINDOWS\system32\dllcache\acerscad.dll
2007-10-09 23:21 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
2007-10-09 23:21 20,160 --a--c--- C:\WINDOWS\system32\dllcache\adm8511.sys
2007-10-09 23:21 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
2007-10-09 23:21 7,424 --a--c--- C:\WINDOWS\system32\dllcache\adicvls.sys
2007-10-09 23:16 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-10-09 23:05 <DIR> d-------- C:\Program Files\InstallSafe
2007-10-09 22:06 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-10-09 22:06 138,752 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
2007-10-09 14:32 <DIR> d-------- C:\Program Files\CodeStuff
2007-10-09 13:26 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-10-09 13:26 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-10-09 13:25 <DIR> d-------- C:\Program Files\Comodo
2007-10-06 23:50 <DIR> d-------- C:\Program Files\Sound Wheel
2007-10-06 22:34 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Uniblue
2007-10-06 18:39 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-10-06 09:49 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Ashampoo Photo Commander 4
2007-10-06 09:33 <DIR> d-------- C:\Program Files\Ashampoo
2007-10-04 23:20 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\vlc
2007-10-04 23:04 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\AVG7
2007-10-04 23:04 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-04 19:52 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\vlc(2)
2007-10-04 19:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-04 18:47 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Azureus
2007-10-04 18:46 <DIR> d-------- C:\Program Files\Azureus
2007-10-04 17:27 43,387 --a------ C:\WINDOWS\browser.exe
2007-10-03 20:21 <DIR> d-------- C:\Program Files\Fairies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 13:16 --------- d-----w C:\Program Files\Common Files\Games Enhancement
2007-10-25 13:13 497,084 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 13:13 39,581,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-25 11:58 --------- d-----w C:\Documents and Settings\valued customer\Application Data\WeatherBug
2007-10-24 18:36 --------- d-----w C:\Program Files\Analog Devices
2007-10-24 13:50 --------- d-----w C:\Program Files\bfgclient
2007-10-24 13:13 --------- d-----w C:\Documents and Settings\valued customer\Application Data\GlarySoft
2007-10-24 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 12:01 --------- d-----w C:\Program Files\Registry Repair
2007-10-24 12:00 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2007-10-24 11:58 --------- d-----w C:\Program Files\Smart PC Solutions
2007-10-24 11:58 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Smart PC Solutions
2007-10-23 23:12 --------- d-----w C:\Program Files\Any Video Converter
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\valued customer\Application Data\LimeWire
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\valued customer\Application Data\HouseCall 6.6
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\VCOMAntiSpam
2007-10-23 23:11 --------- d-----w C:\Program Files\Webshots
2007-10-23 23:11 --------- d-----w C:\Program Files\SBC Self Support Tool
2007-10-23 23:11 --------- d-----w C:\Program Files\Punch! Pro - Platinum
2007-10-23 23:11 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-10-23 23:11 --------- d-----w C:\Program Files\MAHJONGG
2007-10-23 23:11 --------- d-----w C:\Program Files\LimeWire
2007-10-23 23:11 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-10-23 23:11 --------- d-----w C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor
2007-10-23 23:11 --------- d-----w C:\Program Files\Free Window Registry Repair
2007-10-23 23:11 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-10-23 23:11 --------- d-----w C:\Program Files\DVDFab Platinum
2007-10-22 12:33 --------- d-----w C:\Program Files\Xvid
2007-10-21 17:59 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-15 01:23 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Yahoo!
2007-10-14 00:27 --------- d-----w C:\Program Files\Java
2007-10-12 14:32 --------- d-----w C:\Program Files\Windows Defender
2007-10-12 14:32 --------- d-----w C:\Program Files\Vongo
2007-10-12 14:14 --------- d-----w C:\Program Files\DVDIdle Pro
2007-10-10 20:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 03:26 --------- d-----w C:\Program Files\Coupons
2007-10-06 14:46 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Ashampoo
2007-10-05 11:56 --------- d-----w C:\Program Files\DivX
2007-10-04 22:27 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-04 21:49 --------- d-----w C:\Program Files\Yahoo!
2007-09-06 15:51 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-09-06 10:15 5,504 ----a-w C:\WINDOWS\system32\drivers\dvdmmg.sys
2007-08-31 23:31 --------- d-----w C:\Documents and Settings\valued customer\Application Data\PlayFirst
2007-08-31 22:13 35,296 ----a-w C:\WINDOWS\system32\drivers\Dvd43.sys
2007-08-30 23:53 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-08-28 12:52 --------- d-----w C:\Program Files\GameFiesta
2007-08-27 18:47 --------- d-----w C:\Program Files\MySurvey Messenger
2007-08-27 00:36 --------- d-----w C:\Program Files\CueClub
2007-08-26 13:42 --------- d-----w C:\Program Files\InterVideo
2007-08-25 18:28 --------- d-----w C:\Program Files\Emerald Tale
2007-08-22 23:31 705,711 ----a-w C:\WINDOWS\LOTR_Legolas.exe
2007-08-22 23:31 386,848 ----a-w C:\WINDOWS\LOTR_Legolas.scr
2007-08-22 23:31 30,208 ----a-w C:\WINDOWS\mickey32.dll
2007-08-22 23:29 401,560 ----a-w C:\WINDOWS\Dvdgal.scr
2007-08-22 23:29 1,406,365 ----a-w C:\WINDOWS\Dvdgal.exe
2007-08-20 00:55 286,720 ----a-w C:\WINDOWS\iun506.exe
2006-03-04 09:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-08 16:01:38 1,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HDAShCut.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-22 09:23]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 18:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 18:32]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 17:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 04:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"New Application"="C:\Program Files\Q-Type Pro\OSD.exe" [2003-07-16 22:14]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\
Dialog Helper.lnk - C:\Program Files\VCOM\PowerDesk\pddlghlp.exe [2005-10-04 13:16:46]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-08-11 03:21:12]

C:\Documents and Settings\valued customer\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-08-11 03:21:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [2004-10-09 02:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjgf]
nnnkjgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys
R2 dvdmmg;dvdmmg;\??\C:\WINDOWS\system32\drivers\dvdmmg.sys
R2 GameEnhV1;GameEnhV1;\??\C:\WINDOWS\system32\Drivers\GameEnh.sys
R2 Games Enhancement Service;Games Enhancement Service;"C:\Program Files\Common Files\Games Enhancement\gameen.exe"
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service
R2 X4HSX32Ex;X4HSX32Ex;\??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys
R3 PhTVTune;TV Capture Card WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
S2 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8578d93-da00-11db-9841-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 13:17:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-24 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 08:28:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 8:30:38 - machine was rebooted
.
--- E O F ---
Smile, it makes you look better!?! :)


The only stupid question there is, is one that goes unasked.
Do you have any questions?

#5 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 25 October 2007 - 10:52 AM

Please have this file scanned.

C:\WINDOWS\browser.exe

Scan at http://www.virustotal.com and save the results to notepad and post back here please.


Open HijackThis -> click "Do a System Scan Only" and put a check by these, but DO NOT hit the Fix Checked button yet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)


O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please make sure any Internet Browsers are Closed before running the ATF Cleaner.


Restart the machine and please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

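The entries the helper marks for fixing above share visible traits: a target file that is missing ("(no file)", "(file missing)"), an Internet Explorer setting with no value, or an ActiveX (DPF) entry with no download source. As an added example, not a tool from this thread, here is a small Python triage pass that parses lines in the HijackThis format and flags exactly those traits; the sample lines, the rule names and the helper functions are my own constructions.

```python
"""Triage helper for HijackThis log lines (added example, not a thread tool).

It encodes the criteria visible in the helper's fix list: entries whose target
file is missing, IE settings with no value, and DPF entries with no source.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the HijackThis entries quoted in
# this thread, mixing flagged entries with ordinary ones.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O20"
    reason: str  # why a helper would want the entry reviewed
    line: str    # the original log line


def parse_entry(line):
    """Return (kind, body) for a HijackThis entry line, or None for other text."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def review_entry(line):
    """Apply the triage rules to one line; return a Finding or None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    kind, body = parsed
    line = line.strip()
    # Rule 1: the entry points at a file that no longer exists. Leftover
    # hooks (orphaned toolbars, Winlogon Notify DLLs) look exactly like this.
    if any(marker in body for marker in MISSING_MARKERS):
        return Finding(kind, "target file missing", line)
    # Rule 2: an IE setting whose value is empty (R0/R1 lines ending in "=").
    if kind in ("R0", "R1") and body.rstrip().endswith("="):
        return Finding(kind, "empty Internet Explorer setting", line)
    # Rule 3: an ActiveX download (DPF) entry that records no source location.
    if kind == "O16" and body.rstrip().endswith("-"):
        return Finding(kind, "ActiveX entry with no download source", line)
    return None


def review_log(text):
    """Run the rules over a whole log; returns findings in log order."""
    findings = []
    for raw in text.splitlines():
        f = review_entry(raw)
        if f is not None:
            findings.append(f)
    return findings


def kinds_flagged(text):
    """Section codes of all flagged lines, in log order."""
    return [f.kind for f in review_log(text)]


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason:<40} {f.line}")
```

The rules deliberately stay to what is mechanically visible in the line; judging a non-default search URL, as the helper did for the R1 entries, still needs a human reading the log.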

#6 destinylynn79

destinylynn79
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Female
  • Location:Conroe, Texas
  • Local time:05:41 AM

Posted 25 October 2007 - 02:49 PM

Okay, I performed all the things you asked of me. Below are all three logs in the order that you listed them in your last message. I am ready for the next step and thank you again. You are a life saver. I do not know what I am looking at. I am glad you do and that you are helping me.

Desiree :thumbsup:


------------------------------------------------------------------------------------------------------------------------------------

Virustotal report:


Antivirus Version Last Update Result
AhnLab-V3 2007.10.26.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.25 -
Authentium 4.93.8 2007.10.24 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.488 2007.10.25 -
BitDefender 7.2 2007.10.25 -
CAT-QuickHeal 9.00 2007.10.25 Trojan.Autoit.D
ClamAV 0.91.2 2007.10.25 -
DrWeb 4.44.0.09170 2007.10.25 -
eSafe 7.0.15.0 2007.10.22 suspicious Trojan/Worm
eTrust-Vet 31.2.5241 2007.10.25 -
Ewido 4.0 2007.10.25 -
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.25 -
Ikarus T3.1.1.12 2007.10.25 Trojan.Win32.Autoit.D
Kaspersky 7.0.0.125 2007.10.25 -
McAfee 5149 2007.10.25 -
Microsoft 1.2908 2007.10.25 -
NOD32v2 2617 2007.10.25 -
Norman 5.80.02 2007.10.25 -
Panda 9.0.0.4 2007.10.25 -
Prevx1 V2 2007.10.25 -
Rising 19.46.31.00 2007.10.25 -
Sophos 4.22.0 2007.10.25 -
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.107 2007.10.25 Trojan/Agent.lf
VBA32 3.12.2.4 2007.10.24 -
VirusBuster 4.3.26:9 2007.10.25 -
Webwasher-Gateway 6.6.1 2007.10.25 -
Additional information
File size: 43387 bytes
MD5: d8dfa157a09614c969373b7e421c103c
SHA1: 2a41c4c0c9aedddda57294753895a2bda3b1d4fd
packers: UPX
packers: UPX
packers: UPX, Autoit





-----------------------------------------------------------------------------------------------------------------------------------

F-Secure Scanning Report
Thursday, October 25, 2007 13:10:00 - 13:55:13
Computer name: VALUED-29CD3F6C
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
W32/BHO.AKF (virus)
C:\WINDOWS\SYSTEM32\MSJAVA32.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 38728
System: 5915
Not scanned: 4
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\SQLITE_79VXZTFT7GPY0BK
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{03DBDACB-635A-4D93-9347-197CBFFEB7B6}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-25
F-Secure AVP: 7.0.171, 2007-10-25
F-Secure Orion: 1.2.37, 2007-10-25
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0615-150-72
F-Secure Pegasus: 1.19.0, 2007-09-18
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics


-------------------------------------------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:18 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Q-Type Pro\MulMouse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Q-Type Pro\Versato.exe
C:\Program Files\Q-Type Pro\MagicWl.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Q-Type Pro\OSD.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [New Application] C:\Program Files\Q-Type Pro\OSD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Enable Q-Point Driver.lnk = C:\Program Files\Q-Type Pro\MulMouse.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = C:\Program Files\Q-Type Pro\Versato.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1177958462109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CS1\Services\Tcpip\..\{0257D8F9-28D0-44B1-9018-F61A7A18D10E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9453 bytes

#7 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 25 October 2007 - 05:16 PM

Thanks for the scan, let's do this the easy way. :thumbsup:

Copy the text below to notepad and save it to the desktop with the name CFScript.txt

File::
C:\WINDOWS\SYSTEM32\MSJAVA32.DLL
C:\WINDOWS\browser.exe

Once saved, drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.


Once completed, post the new ComboFix log.


After posting that log, please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#8 destinylynn79

destinylynn79
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Female
  • Location:Conroe, Texas

Posted 25 October 2007 - 06:47 PM

Following directions exactly: here is the ComboFix log. I will now run Kaspersky and follow the remainder of the directions you gave me.

-------------------------------------------------------------------------------------------------------------------------------------
ComboFix 07-10-23.1 - valued customer 2007-10-25 18:29:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1339 [GMT -5:00]
Running from: C:\Documents and Settings\valued customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\valued customer\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\browser.exe
C:\WINDOWS\SYSTEM32\MSJAVA32.DLL
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\browser.exe
C:\WINDOWS\SYSTEM32\MSJAVA32.DLL

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 08:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 13:07 <DIR> d-------- C:\Program Files\3RVX
2007-10-24 12:20 <DIR> d-------- C:\Temp\META-INF
2007-10-24 09:30 <DIR> d-------- C:\dell
2007-10-24 09:23 <DIR> d-------- C:\Program Files\Sound Volume Hotkeys
2007-10-24 09:15 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
2007-10-24 08:10 <DIR> d-------- C:\Program Files\Glary Utilities
2007-10-24 08:05 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\VSRevoGroup
2007-10-24 08:04 <DIR> d-------- C:\Program Files\VS Revo Group
2007-10-23 18:38 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-23 18:16 <DIR> d-------- C:\Program Files\Absolute Uninstaller
2007-10-23 17:58 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-10-22 07:55 <DIR> d-------- C:\Program Files\DIKO
2007-10-22 07:46 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2007-10-22 07:46 <DIR> d-------- C:\Program Files\SourceTec
2007-10-22 07:36 <DIR> d-------- C:\Program Files\CinemaForge
2007-10-22 07:36 1,559,056 --a------ C:\WINDOWS\screengenie.scr
2007-10-22 07:15 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-22 07:11 <DIR> d-------- C:\Program Files\Kate's Video Converter
2007-10-22 07:11 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-10-22 07:11 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-10-22 07:11 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-10-22 07:11 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-10-22 07:11 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-10-22 07:11 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-10-22 07:11 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-10-22 07:11 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-10-21 12:53 <DIR> d-------- C:\logs
2007-10-21 12:53 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\InstallShield
2007-10-19 14:17 <DIR> d-------- C:\Documents and Settings\valued customer\Incomplete
2007-10-18 15:37 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\RegistrySmart
2007-10-16 18:53 <DIR> d-------- C:\Program Files\9Dragons
2007-10-15 07:25 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\FaxCtr
2007-10-14 11:04 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Motive
2007-10-13 22:40 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Lexmark Imaging Studio
2007-10-13 22:34 <DIR> d-------- C:\Program Files\Lx_cats
2007-10-13 22:33 331,776 --a------ C:\WINDOWS\system32\lxddcoin.dll
2007-10-13 22:33 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll
2007-10-13 22:32 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll
2007-10-13 22:32 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll
2007-10-13 22:32 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll
2007-10-13 22:31 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-10-13 22:31 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-10-13 22:31 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2007-10-13 22:31 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll
2007-10-13 22:31 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2007-10-13 22:31 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2007-10-13 22:27 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-10-13 22:26 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-10-13 22:26 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-10-13 22:25 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2007-10-13 22:25 323,584 --a------ C:\WINDOWS\system32\LXDDhcp.dll
2007-10-13 22:25 278,528 --a------ C:\WINDOWS\system32\LXDDinst.dll
2007-10-13 22:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-13 22:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-13 22:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-13 22:19 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-12 23:12 <DIR> d-------- C:\Program Files\Q-Type Pro
2007-10-11 08:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-11 08:11 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-11 08:10 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-11 08:10 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-11 08:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-11 08:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 06:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 15:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-10 00:08 4,255 --a--c--- C:\WINDOWS\system32\dllcache\adv01nt5.dll
2007-10-10 00:08 3,967 --a--c--- C:\WINDOWS\system32\dllcache\adv02nt5.dll
2007-10-10 00:08 3,615 --a--c--- C:\WINDOWS\system32\dllcache\adv05nt5.dll
2007-10-09 23:21 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-10-09 23:21 584,448 --a--c--- C:\WINDOWS\system32\dllcache\adm8810.sys
2007-10-09 23:21 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
2007-10-09 23:21 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2007-10-09 23:21 61,440 --a--c--- C:\WINDOWS\system32\dllcache\acerscad.dll
2007-10-09 23:21 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
2007-10-09 23:21 20,160 --a--c--- C:\WINDOWS\system32\dllcache\adm8511.sys
2007-10-09 23:21 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
2007-10-09 23:21 7,424 --a--c--- C:\WINDOWS\system32\dllcache\adicvls.sys
2007-10-09 23:16 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-10-09 23:05 <DIR> d-------- C:\Program Files\InstallSafe
2007-10-09 22:06 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-10-09 22:06 138,752 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
2007-10-09 14:32 <DIR> d-------- C:\Program Files\CodeStuff
2007-10-09 13:26 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-10-09 13:26 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-10-09 13:25 <DIR> d-------- C:\Program Files\Comodo
2007-10-06 23:50 <DIR> d-------- C:\Program Files\Sound Wheel
2007-10-06 22:34 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Uniblue
2007-10-06 18:39 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-10-06 09:49 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Ashampoo Photo Commander 4
2007-10-06 09:33 <DIR> d-------- C:\Program Files\Ashampoo
2007-10-04 23:20 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\vlc
2007-10-04 23:04 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\AVG7
2007-10-04 23:04 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-04 19:52 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\vlc(2)
2007-10-04 19:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-04 18:47 <DIR> d-------- C:\Documents and Settings\valued customer\Application Data\Azureus
2007-10-04 18:46 <DIR> d-------- C:\Program Files\Azureus
2007-10-03 20:21 <DIR> d-------- C:\Program Files\Fairies
2007-10-03 19:51 266,240 --------- C:\WINDOWS\SBCDSL.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 23:35 --------- d-----w C:\Program Files\Common Files\Games Enhancement
2007-10-25 23:32 500,708 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 23:32 39,581,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-25 11:58 --------- d-----w C:\Documents and Settings\valued customer\Application Data\WeatherBug
2007-10-24 18:36 --------- d-----w C:\Program Files\Analog Devices
2007-10-24 13:50 --------- d-----w C:\Program Files\bfgclient
2007-10-24 13:13 --------- d-----w C:\Documents and Settings\valued customer\Application Data\GlarySoft
2007-10-24 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 12:01 --------- d-----w C:\Program Files\Registry Repair
2007-10-24 12:00 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2007-10-24 11:58 --------- d-----w C:\Program Files\Smart PC Solutions
2007-10-24 11:58 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Smart PC Solutions
2007-10-23 23:12 --------- d-----w C:\Program Files\Any Video Converter
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\valued customer\Application Data\LimeWire
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\valued customer\Application Data\HouseCall 6.6
2007-10-23 23:12 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\VCOMAntiSpam
2007-10-23 23:11 --------- d-----w C:\Program Files\Webshots
2007-10-23 23:11 --------- d-----w C:\Program Files\SBC Self Support Tool
2007-10-23 23:11 --------- d-----w C:\Program Files\Punch! Pro - Platinum
2007-10-23 23:11 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-10-23 23:11 --------- d-----w C:\Program Files\MAHJONGG
2007-10-23 23:11 --------- d-----w C:\Program Files\LimeWire
2007-10-23 23:11 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-10-23 23:11 --------- d-----w C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor
2007-10-23 23:11 --------- d-----w C:\Program Files\Free Window Registry Repair
2007-10-23 23:11 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-10-23 23:11 --------- d-----w C:\Program Files\DVDFab Platinum
2007-10-22 12:33 --------- d-----w C:\Program Files\Xvid
2007-10-21 17:59 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-15 01:23 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Yahoo!
2007-10-14 00:27 --------- d-----w C:\Program Files\Java
2007-10-12 14:32 --------- d-----w C:\Program Files\Windows Defender
2007-10-12 14:32 --------- d-----w C:\Program Files\Vongo
2007-10-12 14:14 --------- d-----w C:\Program Files\DVDIdle Pro
2007-10-10 20:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 03:26 --------- d-----w C:\Program Files\Coupons
2007-10-06 14:46 --------- d-----w C:\Documents and Settings\valued customer\Application Data\Ashampoo
2007-10-05 11:56 --------- d-----w C:\Program Files\DivX
2007-10-04 22:27 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-04 21:49 --------- d-----w C:\Program Files\Yahoo!
2007-09-06 15:51 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-09-06 10:15 5,504 ----a-w C:\WINDOWS\system32\drivers\dvdmmg.sys
2007-08-31 23:31 --------- d-----w C:\Documents and Settings\valued customer\Application Data\PlayFirst
2007-08-31 22:13 35,296 ----a-w C:\WINDOWS\system32\drivers\Dvd43.sys
2007-08-30 23:53 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-08-28 12:52 --------- d-----w C:\Program Files\GameFiesta
2007-08-27 18:47 --------- d-----w C:\Program Files\MySurvey Messenger
2007-08-27 00:36 --------- d-----w C:\Program Files\CueClub
2007-08-26 13:42 --------- d-----w C:\Program Files\InterVideo
2007-08-25 18:28 --------- d-----w C:\Program Files\Emerald Tale
2007-08-22 23:31 705,711 ----a-w C:\WINDOWS\LOTR_Legolas.exe
2007-08-22 23:31 386,848 ----a-w C:\WINDOWS\LOTR_Legolas.scr
2007-08-22 23:31 30,208 ----a-w C:\WINDOWS\mickey32.dll
2007-08-22 23:29 401,560 ----a-w C:\WINDOWS\Dvdgal.scr
2007-08-22 23:29 1,406,365 ----a-w C:\WINDOWS\Dvdgal.exe
2007-08-20 00:55 286,720 ----a-w C:\WINDOWS\iun506.exe
2006-03-04 09:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-08 16:01:38 1,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2007-10-25_ 8.30.02.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-07 21:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 21:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 21:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
- 2007-10-25 13:16:17 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-10-25 23:35:31 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HDAShCut.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-22 09:23]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 18:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 18:32]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 17:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 04:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"New Application"="C:\Program Files\Q-Type Pro\OSD.exe" [2003-07-16 22:14]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\
Dialog Helper.lnk - C:\Program Files\VCOM\PowerDesk\pddlghlp.exe [2005-10-04 13:16:46]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-08-11 03:21:12]

C:\Documents and Settings\valued customer\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-08-11 03:21:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [2004-10-09 02:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys
R2 dvdmmg;dvdmmg;\??\C:\WINDOWS\system32\drivers\dvdmmg.sys
R2 GameEnhV1;GameEnhV1;\??\C:\WINDOWS\system32\Drivers\GameEnh.sys
R2 Games Enhancement Service;Games Enhancement Service;"C:\Program Files\Common Files\Games Enhancement\gameen.exe"
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service
R2 X4HSX32Ex;X4HSX32Ex;\??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys
R3 PhTVTune;TV Capture Card WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 Cap7134;TV Capture Card WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8578d93-da00-11db-9841-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 23:36:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-24 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 18:41:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 18:43:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-25 08:30
.
--- E O F ---
Smile, it makes you look better!?! :)


The only stupid question there is, is one that goes unasked.
Do you have any questions?

#9 destinylynn79


Posted 25 October 2007 - 08:11 PM

Below is the Kaspersky report. Ready for next instructions. And thanks, Cretemonster. I know this has been every bit as time consuming for you as it has been for me. I truly appreciate your help. :thumbsup:

----------------------------------------------------------------------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 25, 2007 8:08:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/10/2007
Kaspersky Anti-Virus database records: 446375


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 84466
Number of viruses found 3
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:55:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Support\MPLog-07302007-090308.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\StarzEntertainment\Vongo\Data\vongo.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\valued customer\.housecall6.6\Quarantine\3DUltraMiniGolf_SE-dm[1].exe.bac_a02348 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Documents and Settings\valued customer\.housecall6.6\Quarantine\DreamChronicles-dm[1].exe.bac_a02348 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Documents and Settings\valued customer\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\valued customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\valued customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\valued customer\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\valued customer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\valued customer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\valued customer\ntuser.dat Object is locked skipped

C:\Documents and Settings\valued customer\ntuser.dat.LOG Object is locked skipped

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip/setup.exe/data0006/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.ha skipped

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip/setup.exe/data0006/stream Infected: not-a-virus:AdWare.Win32.BHO.ha skipped

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip/setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ha skipped

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ha skipped

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip ZIP: infected - 4 skipped

C:\Program Files\Common Files\Games Enhancement\GemService20071025233354GMT.Log Object is locked skipped

C:\Program Files\Common Files\Games Enhancement\inGameExtension20071025233354GMT.Log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{9589845C-F42B-4C46-8DC4-906D9DA04825}\RP32\A0015648.exe/WISE0152.BIN/stream/data0006 Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped

C:\System Volume Information\_restore{9589845C-F42B-4C46-8DC4-906D9DA04825}\RP32\A0015648.exe/WISE0152.BIN/stream Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped

C:\System Volume Information\_restore{9589845C-F42B-4C46-8DC4-906D9DA04825}\RP32\A0015648.exe/WISE0152.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped

C:\System Volume Information\_restore{9589845C-F42B-4C46-8DC4-906D9DA04825}\RP32\A0015648.exe WiseSFX: infected - 3 skipped

C:\System Volume Information\_restore{9589845C-F42B-4C46-8DC4-906D9DA04825}\RP44\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\VALUED-29CD3F6C.ldb Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\sqlite_oJOeAiX1LQFxq6W Object is locked skipped

C:\WINDOWS\TEMP\ZLT03d25.TMP Object is locked skipped

C:\WINDOWS\TEMP\ZLT070dd.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 Guest_Cretemonster_*


Posted 26 October 2007 - 02:34 AM

Locate and delete the 2 following folders:

C:\Documents and Settings\valued customer\.housecall6.6

C:\MP3\books,adobe,progams\[Full] diablo with Bonus.zip

Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, a Notepad window will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#11 destinylynn79


Posted 26 October 2007 - 06:43 AM

OK, here is the uninstall list. I deleted those two files, plus my husband had already unzipped the {full}diablo with bonus.zip file. I deleted the unzipped file as well. All three of these files are in my recycle bin.

Desiree



-------------------------------------------------------------------------------------------------------------------------------------
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Reader 8.1.1
AVG 7.5
CodeStuff Starter
Glary Utilities 2.3.2.101
HijackThis 2.0.2
Java™ 6 Update 3
Kaspersky Online Scanner
Kate's Video Converter 2.8.4
Lexmark 2500 Series
Lexmark Fax Solutions
Lexmark Toolbar
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.8)
Panda ActiveScan
Q-Type Pro keyboard and mice
Security Update for Windows Internet Explorer 7 (KB939653)
Sothink Movie DVD Maker
Spybot - Search & Destroy
Update for Windows XP (KB925720)
Windows Communication Foundation
Windows Imaging Component
Windows Live OneCare safety scanner
Windows Presentation Foundation
Windows Workflow Foundation
XviD MPEG-4 Codec
ZoneAlarm

#12 Guest_Cretemonster_*


Posted 26 October 2007 - 02:49 PM

Very nice uninstall list! :thumbsup:

Go ahead and empty out the recycle bin and proceed with below.


Now we need to reset System Restore and clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.

Consider using ERUNT as a backup to System Restore in case the machine ever does crash.
http://silentrunners.org/sr_eruntuse.html

Be sure to read through the entire page and pay close attention to Emergency Procedures should you ever need it.



How does the machine seem to be acting today?

#13 destinylynn79


Posted 26 October 2007 - 11:11 PM

Okay, I reset System Restore and copied down the info about the website you gave.

You asked how my machine is doing today.
When you power up, in order for Windows to load I have to press and hold Ctrl, Alt and Del and then put in "valued customer" and OK before Windows will load with the welcome screen and proceed. My web browser windows don't want to close. "End Now" pops up repeatedly and I have to manually shut the computer down. Start up and shut down are slow, and my AT&T / Southwestern Bell login icon won't open up. It tells me to select a program or use the web to find one to open it, and then it disappears and won't open. I don't have the login screen like normal since you had me run Kaspersky and remove those entries in HijackThis. Should I just redownload the software from the disk?

Are some of my registry entries screwy, maybe? If you could help with these issues then all should be "peachy". Thank you for all your help.

Other than that, all seems to run fine. The phone company came out yesterday because I had no or low DSL signal and could not get on until after they were done working on it, but now when I am on it zooms everywhere, which is good.



Desiree :wacko: :blink: :thumbsup:

#14 Guest_Cretemonster_*


Posted 27 October 2007 - 05:07 AM

A few odd policies we can easily fix, then reboot and see what is left.

SWB login: reinstall the software. It's gotta be like the BellSouth stuff we have down here, and if the browser you speak of that's borking on you is Internet Explorer, this may also assist in restoring some of those settings.

The DSL installation software they use isn't the best I have ever seen.

If it's another browser, tell me which it is.

Copy the text below to Notepad and save it to the desktop with the name restore.reg

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Double-click restore.reg and answer Yes to the prompt that follows, then you can delete the reg file.


Restart and tell me if we fixed anything.


Look for me please, see if you can find this folder--> C:\Windows\Minidump

If you do, see what's inside and tell me in the next post please.


Next, I wanna run a scan similar to ComboFix, but this one has 2 parts and will take 2 posts to make, 1 post for the primary log and one for the extra log.

Find the canned speech in the link below about halfway down the page; it's called Deckard's System Scanner (DSS)
http://www.techsupportforum.com/security-c...osting-log.html

Download and follow the instructions for usage, but don't bother attaching logs.

Post main.txt in one reply and extra.txt in a separate reply.
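
As an added illustration (not part of Cretemonster's instructions or any tool in this thread), the Python script below parses that restore.reg text and decodes the NoDriveTypeAutoRun bitmask, showing which drive types 0x91 (the Windows XP default) still allows AutoRun on; the bit meanings are Microsoft's documented ones, while the helper names and the inline sample are mine. The mountpoints2 "AutoRun\command" entry in the ComboFix log earlier in this thread is the kind of drive-level AutoRun that this policy governs.

```python
"""Decode the NoDriveTypeAutoRun policy that a .reg file such as restore.reg sets.

Added example, not code from the thread: parses the .reg text (constructed
inline, copied from the post) and reports which drive types the resulting
value blocks AutoRun on and which it still leaves open.
"""
import re

# Bit meanings of NoDriveTypeAutoRun as documented by Microsoft for XP and later.
DRIVE_TYPE_BITS = {
    0x01: "unknown drive type (DRIVE_UNKNOWN)",
    0x04: "removable drives (floppy, USB stick)",
    0x08: "fixed drives (hard disks)",
    0x10: "network drives",
    0x20: "CD/DVD drives",
    0x40: "RAM disks",
    0x80: "drives of unknown type (reserved bit)",
}

# Sample input: the restore.reg text from the post, constructed here inline.
RESTORE_REG = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""


def parse_reg(text):
    """Parse the subset of the .reg format used above: the version header,
    [key] sections, and "name"=dword:hex or "name"="string" values.
    Returns {key: {name: value}}; dword values are converted to ints."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        # Regedit refuses files without this header, so flag it early.
        raise ValueError("missing .reg header line")
    result, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
        if m is None or current is None:
            raise ValueError(f"unparsed line: {line!r}")
        name, dword, string = m.groups()
        result[current][name] = int(dword, 16) if dword is not None else string
    return result


def decode_autorun_policy(value):
    """Split a NoDriveTypeAutoRun value into (blocked, still_allowed) lists."""
    blocked = [desc for bit, desc in DRIVE_TYPE_BITS.items() if value & bit]
    allowed = [desc for bit, desc in DRIVE_TYPE_BITS.items() if not value & bit]
    return blocked, allowed


def autorun_policy_from_reg(text):
    """Return the NoDriveTypeAutoRun value the .reg text would set, or None."""
    for key, values in parse_reg(text).items():
        if key.lower().endswith(r"\policies\explorer") and "NoDriveTypeAutoRun" in values:
            return values["NoDriveTypeAutoRun"]
    return None


if __name__ == "__main__":
    value = autorun_policy_from_reg(RESTORE_REG)
    blocked, allowed = decode_autorun_policy(value)
    print(f"NoDriveTypeAutoRun = 0x{value:02X}")
    print("AutoRun blocked on:", ", ".join(blocked))
    print("AutoRun still allowed on:", ", ".join(allowed))
```

With 0x91 AutoRun stays enabled for removable, fixed and CD/DVD drives; Microsoft's hardening guidance is 0xFF, which blocks it for every drive type.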

#15 destinylynn79


Posted 27 October 2007 - 09:30 AM

When I double click the notepad file saved to the desktop (restore.reg) it does not give me a prompt or do anything.


Minidump folder is empty.

Main.txt info from the DSS program is below and the other one will follow in another reply as you have asked.




Deckard's System Scanner v20071014.68
Run by valued customer on 2007-10-27 09:22:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-10-27 14:22:44 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-10-27 04:00:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 32.78 GiB (less than 15%) free.


-- HijackThis (run as valued customer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:04 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Vongo\Tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Q-Type Pro\MulMouse.exe
C:\Program Files\Q-Type Pro\Versato.exe
C:\Program Files\Q-Type Pro\MagicWl.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Q-Type Pro\OSD.EXE
C:\Documents and Settings\valued customer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\valued customer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [New Application] C:\Program Files\Q-Type Pro\OSD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Enable Q-Point Driver.lnk = C:\Program Files\Q-Type Pro\MulMouse.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = C:\Program Files\Q-Type Pro\Versato.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1177958462109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CS1\Services\Tcpip\..\{0257D8F9-28D0-44B1-9018-F61A7A18D10E}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9539 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071025-123132-126 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071025-123132-229 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
backup-20071025-123132-459 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
backup-20071025-123132-731 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
backup-20071025-123132-763 O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
backup-20071025-123132-941 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071025-123132-951 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20071025-123133-400 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
backup-20071025-123133-547 O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)
backup-20071025-123133-788 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 m5288 - c:\windows\system32\drivers\m5288.sys <Not Verified; ULi Electronics Inc.; ULi SATA Controller Driver>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 dvdmmg - c:\windows\system32\drivers\dvdmmg.sys
R2 X4HSX32Ex - c:\program files\free ride games\x4hsx32ex.sys <Not Verified; Exent Technologies Ltd.; Exent EXETender® for Win2K>
R3 Dvd43 - c:\windows\system32\drivers\dvd43.sys <Not Verified; Fengtao Software Inc.; DVD43>
R3 PhTVTune (TV Capture Card WDM TV Tuner) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Animation Technologies Inc.; LifeView FlyVideo>

S2 Cap7134 (TV Capture Card WDM Video Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Animation Technologies Inc.; LifeView FlyVideo>
S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys (file missing)
S3 AEAudioService (AEAudio Service) - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 catchme - c:\docume~1\valued~1\locals~1\temp\catchme.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 SenFiltService (SenFilt Service) - c:\windows\system32\drivers\senfilt.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Games Enhancement Service - "c:\program files\common files\games enhancement\gameen.exe" <Not Verified; Exent Technologies Ltd.; Exent® Games Enhancement Manager>
R2 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-27 09:00:39 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-10-27 03:30:00 446 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2007-09-27 and 2007-10-27 -----------------------------

2007-10-26 22:56:41 0 dr-h----- C:\Documents and Settings\valued customer\Recent
2007-10-25 18:48:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-10-25 18:48:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-24 13:07:26 0 d-------- C:\Program Files\3RVX
2007-10-24 09:30:14 0 d-------- C:\dell
2007-10-24 09:23:13 0 d-------- C:\Program Files\Sound Volume Hotkeys
2007-10-24 09:15:43 0 d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
2007-10-24 08:10:31 0 d-------- C:\Program Files\Glary Utilities
2007-10-24 08:05:32 0 d-------- C:\Documents and Settings\valued customer\Application Data\VSRevoGroup
2007-10-24 08:04:55 0 d-------- C:\Program Files\VS Revo Group
2007-10-23 18:16:50 0 d-------- C:\Program Files\Absolute Uninstaller
2007-10-23 17:58:10 0 d-------- C:\Program Files\Wise Registry Cleaner
2007-10-22 07:55:02 0 d-------- C:\Program Files\DIKO
2007-10-22 07:46:48 0 d-------- C:\WINDOWS\system32\ffdshow
2007-10-22 07:46:48 0 d-------- C:\Program Files\SourceTec
2007-10-22 07:36:28 0 d-------- C:\Program Files\CinemaForge
2007-10-22 07:11:39 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-10-22 07:11:39 98304 --a------ C:\WINDOWS\system32\viscomtran.dll <Not Verified; Viscom Software www.viscomsoft.com; Viscom Transform Filter>
2007-10-22 07:11:39 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2007-10-22 07:11:39 598016 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; ; QuickTime Decoder>
2007-10-22 07:11:39 90112 --a------ C:\WINDOWS\system32\viscomframe.dll <Not Verified; L544? Technology; CustomFrameGrabber Filter>
2007-10-22 07:11:39 110592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll <Not Verified; Viscom Software; DirectX 9.0 Sample>
2007-10-22 07:11:39 94208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll <Not Verified; Viscom Software; >
2007-10-22 07:11:39 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-10-22 07:11:13 0 d-------- C:\Program Files\Kate's Video Converter
2007-10-21 12:53:13 0 d-------- C:\Documents and Settings\valued customer\Application Data\InstallShield
2007-10-21 12:53:01 0 d-------- C:\logs
2007-10-19 14:17:44 0 d-------- C:\Documents and Settings\valued customer\Incomplete
2007-10-18 15:37:36 0 d-------- C:\Documents and Settings\valued customer\Application Data\RegistrySmart
2007-10-16 18:53:46 0 d-------- C:\Program Files\9Dragons
2007-10-15 07:25:34 0 d-------- C:\Documents and Settings\valued customer\Application Data\FaxCtr
2007-10-14 23:04:59 6553600 --a------ C:\Documents and Settings\valued customer\ntuser.dat
2007-10-14 11:04:28 0 d-------- C:\Documents and Settings\valued customer\Application Data\Motive
2007-10-13 22:40:11 0 d-------- C:\Documents and Settings\valued customer\Application Data\Lexmark Imaging Studio
2007-10-13 22:34:21 0 d-------- C:\Program Files\Lx_cats
2007-10-13 22:31:29 12288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2007-10-13 22:31:29 45056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2007-10-13 22:31:29 36864 --a------ C:\WINDOWS\system32\lxf3oem.dll <Not Verified; ; Lexmark Fax Solutions Software>
2007-10-13 22:31:29 32768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2007-10-13 22:31:29 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-10-13 22:31:29 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-10-13 22:31:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FaxCtr
2007-10-13 22:27:34 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-10-13 22:26:58 0 d-------- C:\Program Files\Lexmark Toolbar
2007-10-13 22:26:32 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-10-13 22:25:18 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-10-13 22:25:01 278528 --a------ C:\WINDOWS\system32\LXDDinst.dll
2007-10-13 22:25:00 323584 --a------ C:\WINDOWS\system32\LXDDhcp.dll <Not Verified; ; Printer Communication System>
2007-10-12 23:12:56 0 d-------- C:\Program Files\Q-Type Pro
2007-10-11 08:12:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-10-11 08:11:50 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-10-11 08:10:44 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-11 08:09:59 0 d-------- C:\WINDOWS\Internet Logs
2007-10-11 08:08:44 0 d-------- C:\Program Files\Trend Micro
2007-10-11 06:24:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 15:28:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-10 15:23:09 0 d-------- C:\Program Files\Lavasoft
2007-10-10 15:23:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-10-09 23:05:09 0 d-------- C:\Program Files\InstallSafe
2007-10-09 14:32:54 0 d-------- C:\Program Files\CodeStuff
2007-10-09 13:26:10 235008 --a------ C:\WINDOWS\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-10-09 13:26:09 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-10-09 13:25:56 0 d-------- C:\Program Files\Comodo
2007-10-06 23:50:53 0 d-------- C:\Program Files\Sound Wheel
2007-10-06 22:34:19 0 d-------- C:\Documents and Settings\valued customer\Application Data\Uniblue
2007-10-06 18:39:06 23552 -ra------ C:\WINDOWS\system32\PostProc.dll <Not Verified; Analog Devices, Inc.; SoundMAX coinstaller>
2007-10-06 09:49:11 0 d-------- C:\Documents and Settings\valued customer\Application Data\Ashampoo Photo Commander 4
2007-10-06 09:33:06 0 d-------- C:\Program Files\Ashampoo
2007-10-05 06:36:08 0 dr-h----- C:\$VAULT$.AVG
2007-10-04 23:20:57 0 d-------- C:\Documents and Settings\valued customer\Application Data\vlc
2007-10-04 23:04:20 0 d-------- C:\Documents and Settings\valued customer\Application Data\AVG7
2007-10-04 23:04:14 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-04 19:52:23 0 d-------- C:\Documents and Settings\valued customer\Application Data\vlc(2)
2007-10-04 19:51:54 0 d-------- C:\Program Files\VideoLAN
2007-10-04 18:47:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2007-10-04 18:47:22 0 d-------- C:\Documents and Settings\valued customer\Application Data\Azureus
2007-10-04 18:46:15 0 d-------- C:\Program Files\Azureus
2007-10-04 17:27:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2007-10-04 16:47:47 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-10-03 20:21:17 0 d-------- C:\Program Files\Fairies
2007-10-03 19:54:38 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:38 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:37 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:37 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-10-03 19:54:37 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-10-03 19:54:33 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-10-03 19:54:33 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-10-03 19:54:32 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:32 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:32 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:32 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:32 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:31 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:31 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:31 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:31 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:31 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:54:30 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-10-03 19:51:35 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-10-03 15:11:11 29696 -----n--- C:\WINDOWS\system32\dev32.exe <Not Verified; ALi Coporation; Install Program>
2007-10-03 15:11:04 209536 --a------ C:\WINDOWS\system32\drivers\m5288.sys <Not Verified; ULi Electronics Inc.; ULi SATA Controller Driver>
2007-10-03 15:11:04 163840 --a------ C:\WINDOWS\system32\coin5288.dll <Not Verified; ULi Electronics Inc.; Coinstaller Dynamic Link Library>
2007-10-03 15:02:25 0 d-------- C:\tech
2007-09-28 11:07:52 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 11:05:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-09-28 11:05:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-28 11:05:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-28 11:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 11:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 11:05:40 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 11:05:08 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-10-27 07:58:47 0 d-------- C:\Program Files\Common Files\Games Enhancement
2007-10-26 23:00:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-25 08:12:32 0 d-------- C:\Program Files\Common Files
2007-10-25 06:58:44 0 d-------- C:\Documents and Settings\valued customer\Application Data\WeatherBug
2007-10-24 13:36:18 0 d-------- C:\Program Files\Analog Devices
2007-10-24 08:50:45 0 d-------- C:\Program Files\bfgclient
2007-10-24 08:13:49 0 d-------- C:\Documents and Settings\valued customer\Application Data\GlarySoft
2007-10-24 07:21:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-24 07:01:52 0 d-------- C:\Program Files\Registry Repair
2007-10-24 07:00:23 0 d-------- C:\Program Files\Free Windows Registry Cleaner
2007-10-24 06:58:57 0 d-------- C:\Program Files\Smart PC Solutions
2007-10-24 06:58:56 0 d-------- C:\Documents and Settings\valued customer\Application Data\Smart PC Solutions
2007-10-23 18:12:09 0 d-------- C:\Documents and Settings\valued customer\Application Data\LimeWire
2007-10-23 18:12:09 0 d-------- C:\Documents and Settings\valued customer\Application Data\HouseCall 6.6
2007-10-23 18:12:01 0 d-------- C:\Program Files\Any Video Converter
2007-10-23 18:11:56 0 d-------- C:\Program Files\Insaniquarium Deluxe
2007-10-23 18:11:56 0 d-------- C:\Program Files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor
2007-10-23 18:11:56 0 d-------- C:\Program Files\Free Window Registry Repair
2007-10-23 18:11:56 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-10-23 18:11:56 0 d-------- C:\Program Files\DVDFab Platinum
2007-10-23 18:11:55 0 d-------- C:\Program Files\MAHJONGG
2007-10-23 18:11:55 0 d-------- C:\Program Files\LimeWire
2007-10-23 18:11:51 0 d-------- C:\Program Files\Motorola Phone Tools
2007-10-23 18:11:49 0 d-------- C:\Program Files\SBC Self Support Tool
2007-10-23 18:11:49 0 d-------- C:\Program Files\Punch! Pro - Platinum
2007-10-23 18:11:46 0 d-------- C:\Program Files\Webshots
2007-10-22 07:33:16 0 d-------- C:\Program Files\Xvid
2007-10-21 12:59:46 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-21 09:41:42 48 --a------ C:\WINDOWS\pfnh32.dat
2007-10-14 20:23:27 0 d-------- C:\Documents and Settings\valued customer\Application Data\Yahoo!
2007-10-13 19:27:09 0 d-------- C:\Program Files\Java
2007-10-12 09:32:22 0 d-------- C:\Program Files\Windows Defender
2007-10-12 09:32:09 0 d-------- C:\Program Files\Vongo
2007-10-12 09:14:02 0 d-------- C:\Program Files\DVDIdle Pro
2007-10-10 15:22:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-09 22:26:57 0 d-------- C:\Program Files\Coupons
2007-10-06 09:46:16 0 d-------- C:\Documents and Settings\valued customer\Application Data\Ashampoo
2007-10-05 06:56:31 0 d-------- C:\Program Files\DivX
2007-10-04 17:27:19 0 d-------- C:\Program Files\Common Files\Motive
2007-10-04 16:49:43 0 d-------- C:\Program Files\Yahoo!
2007-09-06 10:51:27 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-09-06 07:32:11 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-08-31 18:31:32 0 d-------- C:\Documents and Settings\valued customer\Application Data\PlayFirst
2007-08-30 18:53:04 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-28 07:52:55 0 d-------- C:\Program Files\GameFiesta
2007-08-27 13:47:09 0 d-------- C:\Program Files\MySurvey Messenger
2007-08-22 19:10:59 4096 --a------ C:\WINDOWS\d3dx.dat
2007-08-22 18:31:08 30208 --a------ C:\WINDOWS\mickey32.dll <Not Verified; MacSourcery; Mickey DLL>
2007-08-22 18:31:08 386848 --a------ C:\WINDOWS\LOTR_Legolas.scr <Not Verified; MacSourcery; ScreenTime for Flash>
2007-08-22 18:31:08 705711 --a------ C:\WINDOWS\LOTR_Legolas.exe <Not Verified; Macromedia, Inc.; Flash 5.0>
2007-08-22 18:29:19 401560 --a------ C:\WINDOWS\Dvdgal.scr <Not Verified; MacSourcery; ScreenTime for Flash>
2007-08-22 18:29:19 1406365 --a------ C:\WINDOWS\Dvdgal.exe <Not Verified; Macromedia, Inc.; Shockwave Flash>
2007-08-19 19:55:05 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-08-18 17:51:59 63 --a------ C:\WINDOWS\GPlrLanc.dat
2007-08-06 16:43:43 35 --a------ C:\WINDOWS\popcinfo.dat
2007-07-31 18:13:54 380928 --a------ C:\WINDOWS\system32\BSTIEPrintCtl1.dll <Not Verified; BrightStreet.com; BSTIEPrintCtl1 Module>
2007-07-30 15:12:40 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-27 15:34:54 31 --ah----- C:\WINDOWS\uccspecc.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 04:21 PM C:\WINDOWS\system32\HDAShCut.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 09:23 AM]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [02/12/2007 06:58 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [02/05/2007 06:32 PM]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [01/22/2007 05:05 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/15/2005 04:20 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [04/07/2006 03:02 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"New Application"="C:\Program Files\Q-Type Pro\OSD.exe" [07/16/2003 10:14 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\valued customer\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/11/2006 3:21:12 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Enable Q-Point Driver.lnk - C:\Program Files\Q-Type Pro\MulMouse.exe [10/24/2007 2:13:28 PM]
Enable Q-Type Driver.lnk - C:\Program Files\Q-Type Pro\Versato.exe [10/24/2007 2:13:27 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [10/09/2004 02:18 AM 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8578d93-da00-11db-9841-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2007-10-27 09:25:16 ------------
Smile, it makes you look better!?! :)


The only stupid question there is, is one that goes unasked.
Do you have any questions?



